Real Incident, Real Risks
A resident in Pennsylvania took immediate action after finding medical records from a local doctor’s office strewn along the ground and filling a nearby dumpster. The man gathered the documents and brought them to a news outlet, who then turned them over to an investigator with the Pennsylvania Department of State. According to the York Daily Record, the files found at the Resource Recovery Center contain personal medical information, doctors’ notes, social security numbers, and insurance information. It is unknown who delivered the files to the public waste facility. This is an alarming example of improper medical records disposal. That’s why professional shredding — especially for healthcare related businesses — is so important.
Federal & State Regulations for Secure Medical Records Disposal
The Health Insurance Portability and Accountability Act (HIPAA) requires hospitals, medical providers, and health insurance companies to protect past, present and future patient information. While the Health and Human Services website states that patient information cannot be disposed of in any area accessible by the public or other unauthorized persons, it does not require any specific disposal method. It does add that locked bins or receptacles accessible to authorized people are permitted. Otherwise, doctors are to create their own “reasonable” procedures for medical records disposal.
California has additional laws about the retention and disposal of such records. Professional and mobile shredding provides 100% compliance with proper disposal. Not only does it completely destroy paper and electronic media, a professional shredder like Sergeant Shredder can provide a Certificate of Destruction — important documentation to prove materials were disposed according to the law.
Navigating in a Security Grey Area
It’s normal practice for hospitals to share records related to patient care with independent physicians or medical staff. From there, it is the hospital’s responsibility to securely dispose of those records. Providers are asked to create and implement policies to safeguard patient information but they are not always provided a framework or guidelines specifying best practices for medical records disposal.
Seeking assisting from a provider that offers confidential destruction of medical records is often the best way to protect providers and patients. Shredding medical records that are past retention guidelines keeps personally identifiable information out of areas such as public dumpsters. At Sergeant Shredder we understand HIPAA compliance, as well as JCAHO — yet another regulation affecting healthcare organizations.
Not sure if your current processes adhere to HIPAA guidelines? Give us a call, we can help you sort things out.